by g_p
3585 days ago
For anyone interested in this, it's worth also taking a look at a related follow-up paper discussing a weakness in the use of the interlock technique for authentication [0]. I recognised the title here and recalled reading this paper some time ago.

[0] Bellovin, Steven M., and Michael Merritt. "An attack on the interlock protocol when used for authentication." IEEE Transactions on Information Theory 40.1 (1994): 273-275. PDF at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.112...

From the abstract,

> [...] We demonstrate that an active attacker can, at the cost of a timeout alarm, bypass the password exchange, and capture the passwords used. Furthermore, if the attack is from a terminal or workstation attempting to contact a computer, the attacker will have access before any alarm can be sounded.